Tracked as CVE-2020-5741, the first is a high-severity flaw in Plex Media Server that is described as a deserialization issue that can be exploited to execute arbitrary Python code, remotely.
“This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it,” Plex noted in a May 2020 advisory.
Addressed with the release of Plex Media Server 1.19.3, the vulnerability requires for the attacker to have admin access to a Plex Media Server for successful exploitation, which made it unlikely to be targeted in attacks.